Risk Roundup for July and August 2018
Our fourth Risk Roundup of the year focuses on some of the major events that occurred this summer. In July and August, we experienced a World Cup, California leading the way in data privacy, a daring cave rescue of a boys’ soccer team in Thailand and a Treasury report that gave the green light to Fintechs everywhere.
FIFA World Cup 2018
The US team didn’t qualify for the World Cup, so you may have tuned out the event won by France in mid-July. It certainly had its share of cyber attacks (25 million), but none of the attacks on FIFA World Cup 2018 wreaked havoc. Credit goes to risk management. Players and fans heeded warnings and didn’t use the public Wi-Fi or plug in USB sticks that were given away. Lesson: The more informed and wary we are, the safer we are.
California’s New Data Privacy Law
The California Consumer Privacy Act of 2018 represents the first state-mandated data privacy regulation in the US. It was passed at the end of June, and speculation about the legislation, which takes effect in 2020, was rampant throughout July and August. California’s privacy law is modeled after the EU’s General Data Protection Regulation (GDPR), which protects the data and privacy of individuals in the European Union. California’s privacy law will have a huge impact on US citizens who use the Internet and social media, as many leading tech companies are based in California.
Thai Cave Rescue
A boys’ soccer team was trapped in the Tham Luang cave in Thailand for two weeks in June and July. Efforts to rescue them from the flooded cave captivated the world with each twist and turn of the story. The rescue mission carried out by special forces was dangerous (one rescuer died) but successful. It brings to mind the importance of reviewing controls, policies and procedures after an adverse event. Closing the cave during the rainy season, for example, could mitigate the risk of such an event happening again.
Risk and Fintech
As we noted in a recent blog, the U.S. Treasury Department released a major report on July 31 that called for “more streamlined and tailored oversight” of innovations in the Fintech sector. Disruption and new technologies mean new risks. Fintechs will need to manage risk, especially information security and data privacy. Banks will have to expand capabilities in managing IT risk and third-party risk as a result of partnering with or outsourcing to technology partners.
That’s it for our September edition of Risk Roundup. We’ll be back in November with a roundup of notable risks from September and October.